ServiceStack - roles and permissions

2019-03-03 03:00发布

站内问答 / 移动开发
1324 1 6

I'm implementing ServiceStack's Roles and Permissions. I send

{"UserName":"JASON1","Permissions":["CanAccess"],"Roles":["Admin"]}

via http://localhost:15465/api/json/reply/AssignRoles but i got following error:

{
  "AllRoles": [],
  "AllPermissions": [],
  "ResponseStatus": {
    "ErrorCode": "Invalid Role",
    "Message": "Invalid Role",
    "StackTrace": "[AssignRoles: 3/11/2015 11:12:02 PM]:\n[REQUEST: {UserName:JASON1,Permissions:[CanAccess],Roles:[Admin]}]\nServiceStack.HttpError: Invalid Role\r\n   at ServiceStack.RequiredRoleAttribute.AssertRequiredRoles(IRequest req, String[] requiredRoles)\r\n   at ServiceStack.Auth.AssignRolesService.Post(AssignRoles request)\r\n   at lambda_method(Closure , Object , Object )\r\n   at ServiceStack.Host.ServiceRunner`1.Execute(IRequest request, Object instance, TRequest requestDto)",
    "Errors": []
  }
}

what will be the solutions and where are some built in roles and permissions? i couldn't find any information? Thanks.

1条回答
走好不送
2楼-- · 2019-03-03 03:23

The AssignRolesService shouldn't be called by anyone, by default it can only be called by someone in the RoleNames.Admin, i.e. Admin Role.

Use custom Assign Roles Service

You can ignore this default behavior by instead using your own custom Service to assign roles which is just a wrapper around the IAuthRepository.AssignRoles() API, e.g:

public class CustomRolesService : Service
{
    public IAuthRepository AuthRepo { get; set; }

    public object Post(AssignRoles request)
    {
        var userAuth = AuthRepo.GetUserAuthByUserName(request.UserName);
        if (userAuth == null)
            throw HttpError.NotFound(request.UserName);

        AuthRepo.AssignRoles(userAuth, request.Roles, request.Permissions);

        return new AssignRolesResponse();
    }
}

Master AuthSecret

To help with development ServiceStack also supports specifying a master password with:

SetConfig(new HostConfig { AdminAuthSecret = "secretz" });

Which then lets you by-pass any protected service with the QueryString:

?authsecret=secretz
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)